IPv4 like NAT but over IPv6
-
Hello,
i think I'm getting nuts about this. Following scenario:
With the latest Windows 10 versions I have to switch to IPv6 but I can't get it running. I have a private internet connection with very limited configuration possibilities and a dynamic public address and therefor also a dynamic public IPv6/56 prefix. But I have a active directory running in my LAN and this needs static addressing. I am running a pfSense firewall and thought of using it like with IPv4 which should be possible in my understanding. So I wanted to create a private subnet (fd05:2017:40d0:4458:: /64) and use the internal DHCPv6-Server to tell my clients where to find the Active Directory Domain Controller and Bind DNS server (Address static: fd05:2017:40d0:4458::2). In my understanding the LAN address of pfSense (fd05:2017:40d0:4458::1) should be configured as gateway. But there is no option in the DHCPv6 server configuration dialogue. Hm ...
Is it really not possible to create a classic NAT setup and do I have to make all my clients in my PRIVATE! lan public accessible?! Or am I getting something wrong here. Help would be appreciated. Thanks.Kind regards
Andreas
-
@schrotti12 said in IPv4 like NAT but over IPv6:
With the latest Windows 10 versions I have to switch to IPv6
Huh?? Sorry but you must be misreading something... There is NOTHING in windows that "requires" ipv6
Please link to what you reading that states ipv6 is required..
-
@johnpoz said in IPv4 like NAT but over IPv6:
There is NOTHING in windows that "requires" ipv6
HomeGroup networks work over IPv6 only.
-
That is not something new in latest windows 10 update... And NOBODY should be using that shit anyway. And it only needs link local.
And it was REMOVED anyway - which is one of the few things ms doing right ;)
https://support.microsoft.com/en-us/help/4091368/windows-10-homegroup-removedAnd he stated he was running AD anyway - so clearly not homegroups
But I have a active directory running in my LAN
-
A bit off topic... Sorry for the abuse. I have found your advice on IPv6 on Rogers to be a lifesaver. Where should I post some interesting findings regarding 10 to 12 minute delays connecting to ubuntu repo and "nest", yeah the thermostat company.. I have a theory...
-
Do you feel it has something to do with pfsense or just ipv6 in general? If somehow related to pfsense then ipv6 section, if just ipv6 in general then the general section prob better.
Who are you directing you found advice on Rogers too? But I have ubuntu with ipv6 and I run nest thermo and protect.. But there is no IPv6 enabled on their vlan..
-
Thanks for the quick response. I was directing it to JKnott as he seems very familiar with Rogers here in Canada.
-
I feel that this is not a pfsense issue but more a rogers issue. But when I removed/deleted/scrubbed/erased/disabled (well you folks know what I mean) the dhcp6 gateway then the slowdown connecting to to the ubuntu repository and the Nest hosts went away.
-
Good evening,
my problem is, that if I have my network running with IPv4, my Samba4/AD controller is found without any problems, because my DHCP server tells the clients how to find the server (Primary DNS server). But for full functionality (i.e. Edge does not work anymore, when IPv6 is disabled) I have to enable IPv6 and then my internal DHCP server is not used anymore and my clients get a public IPv6 address from my provider. The problem here is, that my provider tells my internal clients his DNS server. But I need my internal Bind DNS server (because of AD ...). Therefore I have to block the external DHCP server and use my internal, but it is not used. I can activate whatever I want, my internal clients do not get an address from the local subnet (fd05:2017:40d0:4458:: /64) but from my provider which is ... slightly ... annoying. Without that, my Win10Pro clients are in a "Public network" instead of a "Domain network" ...
I hope I could describe my problem.
Thanks and good bye
Andreas
-
@schrotti12 said in IPv4 like NAT but over IPv6:
Edge does not work anymore, when IPv6 is disabled
Nonsense... Using Edge right now with NO IPv6... If what your saying is true the MIllions, if not 10's of Millions of users that have NO ipv6 wouldn't be able to use Edge..
-
@johnpoz said in IPv4 like NAT but over IPv6:
Nonsense... Using Edge right now with NO IPv6... If what your saying is true the MIllions, if not 10's of Millions of users that have NO ipv6 wouldn't be able to use Edge..
There was something in the news recently about something that fails with Edge, but doesn't affect other browsers. I don't recall the details though.
-
@redstonemason said in IPv4 like NAT but over IPv6:
I feel that this is not a pfsense issue but more a rogers issue. But when I removed/deleted/scrubbed/erased/disabled (well you folks know what I mean) the dhcp6 gateway then the slowdown connecting to to the ubuntu repository and the Nest hosts went away.
I haven't experienced anything like that. However, I use openSUSE and am not that familiar with Ubuntu.
-
The only thing I recall recently about MS and Edge was the nonsense about win 10 warning you to not install firefox or chrome ;)
I have ipv6 completely turned off on this box.. It has NO ipv6 enabled
C:\>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : i5-win Primary Dns Suffix . . . . . . . : local.lan Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : local.lan Ethernet adapter Ethernet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 00-13-3B-2F-67-62 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.9.253 DNS Servers . . . . . . . . . . . : 192.168.3.10 NetBIOS over Tcpip. . . . . . . . : Disabled C:\>And Edge works just fine...
-
Well, I can only tell, that if I have my settings like this:
Edge tells me
And if I enable IPv6, Edge works:
I don't know why this is and I hate it and I did not want to start a discussion about Windows, Microsoft or IPv6 in general but I just wanted to know if it is possible to keep my network private without making all machines reachable from the Internet and how to configure the whole thing so that my AD controller is still find- and reachable.
-
Setting your devices to use a ULA would not allow them to use IPv6 to get to the internet..
You know that just unbinding ipv6 doesn't kill off any of the transition shit MS enables by default, ie teredo, isatap, 6to4 etc.. If windows "thinks" has a viable ipv6 address it will try to use that.. What does an ipconfig /all show when you unbind ipv6 from your interface?
When Ipv6 doesn't work the browser be it edge, firefox or chrome should at some point switch to IPv4 but it can take time for it to switch over and yeah can cause issues. Why to be honest its almost best to disable it completely if your not going to actually use it as intended.. Where your clients have a gua address to use.
Administration of IPv6 does complicate things quite a bit, especially in AD.. Let alone firewall rules Identification of machines, etc. etc.
You can disable ipv6 on your win10 machines easy with reg entry or even push it out with a group policy, etc.
BTW the gateway in IPv6 is not handed out via dhcpv6, its found out by the client via RA..
-
Hi!
When deactivating IPv6 in Windows there is not IPv6-address on the interface anymore.
Thanks for the hint with the RAs. I have to dig more into the topic. I watched my prefix the last few days and it did not change. Maybe I have to set up IPv6 statically on my servers with the dynamic prefix and configure the DNS server accordingly.
Some problems came up with node or better npm not finding the repository because it was not resolvable on a Debian machine.
I'll take some time to do this and post the result here.
Thanks for the help!
